1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

What's the deal with MDSAP?

Discussion in 'ISO 13485 and ISO 14969 – Medical Devices QMS' started by MarkMeer, Dec 11, 2015.

  1. MarkMeer

    MarkMeer Well-Known Member

    Joined:
    Dec 3, 2015
    Messages:
    138
    Likes Received:
    62
    Trophy Points:
    27
    I just got an email from Health Canada notifying me that they are transitioning from the ISO 13485/CMDCAS to the MDSAP certification program. ...I guess we'll have to get on board...

    So I've got several questions:

    1. Can we leverage our present ISO 13485/CMDCAS certification? ...or must we go through a new round of certification from scratch (and incur all the costs entailed)?

    2. The US FDA is apparently on-board with the MDSAP program. Does this mean no more QMS/QSR inspections from the FDA?

    3. The EU is not mentioned as recognizing MDSAP. Does this mean that, moving forward, we'll have to hold 2 separate quality system certifications (EN ISO 13485 for the EU, and MDSAP for US, Canada, Australia, etc.)? If so, isn't this setup essentially doubling the QMS certification cost for manufacturers that want to sell in both North-American & European markets?
     
  2. Jim Hagenbaugh

    Jim Hagenbaugh Member

    Joined:
    Aug 4, 2015
    Messages:
    26
    Likes Received:
    24
    Trophy Points:
    2
    Location:
    VA
    From the HC web site:
    MDSAP will replace the current Canadian Medical Devices Conformity Assessment System (CMDCAS) program, even in situations when a manufacturer intends to sell only in Canada. This implementation will begin at the conclusion of the Pilot on January 1, 2017, and will span a period of two years. During this two year period, Health Canada will accept certificates issued under both CMDCAS and MDSAP. As of January 1, 2019, only MDSAP certificates will be accepted. Further details will be released as the transition plan is finalized. Health Canada's transition to MDSAP is an attempt to align with the transition period for the revised version of ISO 13485, which is anticipated to be published in early 2016.

    2. I doubt the FDA will take that much of a hands off approach, but if you are ISO 13485 in the US it may stretch out the visits a bit.

    3. Its a IMDRF initiative and it is based on ISO 13485 compliance so short term it might appear that way, but long term IMHO I think it all goes to one cert.

    Personally, I don't see the FDA stepping out of QSR auditing. I see them leveraging MDSAP to reduce the number of their audits on lower risk organization, while actually getting a better view of the health of those quality system.
     
    Somashekar and Ronen E like this.
  3. MarkMeer

    MarkMeer Well-Known Member

    Joined:
    Dec 3, 2015
    Messages:
    138
    Likes Received:
    62
    Trophy Points:
    27
    Hi Jim. Thanks for the reply.
    (I was beginning to think no one had anything to say about the MDSAP program...:p)

    My inquiry regarding "leveraging" present ISO/CMDCAS certification, was regarding the costs and time involved.

    I would presume (hope) that because the MDSAP program is more-or-less aligned with ISO 13485, that the process to transition from one to the other is not overly burdensome.

    Hypothetical situation: Someone gets certified to ISO 13485/CMDCAS in 2017, and it's valid for 3 years. Come 2019 (when ISO/CMDCAS is no longer recognized), would this company have to incur a cost of a whole new certification process? ...or could the results from their (still valid) ISO certificate be leveraged?

    So, if foreign regulatory bodies such as the FDA are still going to be conducting their own quality audits (independent of MDSAP), what's the point of the MDSAP?

    Let's hope so. ...but in the meantime (unless the EU gets on board before 2019), we ARE talking about burdening manufacturers with maintaining 2 separate certifications, effectively doubling the cost.
     
  4. Stephen Chung

    Stephen Chung New Member

    Joined:
    Nov 9, 2015
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    So, if foreign regulatory bodies such as the FDA are still going to be conducting their own quality audits (independent of MDSAP), what's the point of the MDSAP?

    Keep in mind that MDSAP was designed to benefit regulatory bodies and multinational corporations, not the little guys. The FDA has explicitly stated that MDSAP would not exempt manufacturers from For Cause and other types of special inspections.

    Worst of it all, MDSAP audit results will be accessible to each of the member countries.

    3. Its a IMDRF initiative and it is based on ISO 13485 compliance so short term it might appear that way, but long term IMHO I think it all goes to one cert.

    Well, not anytime soon as Europe is focused on getting its NBs in line and enforcing the new MDR/IVDR beginning next year.
     
  5. Somashekar

    Somashekar Well-Known Member

    Joined:
    Jul 30, 2015
    Messages:
    114
    Likes Received:
    98
    Trophy Points:
    27
    MDSAP was the regulator's conscious decision to promote single audit across all member regions that was acceptable. Will EU also embrace the MDSAP.. ? when ?
    This started as a parallel acceptable audit program besides the regulators own quality system inspection schemes. I am not aware of the response to the pilot so far that ends in 2016., but as the AO were necessarily CMDCAS recognized, HC have conveniently moved to MDSAP from the 2019.
    It all now depends upon your market penetration ...
    If your market is only Canada, then the CMDCAS 13485 transitioning to MDSAP is a straight case. No other regulatory applies.
    When you also have the USA market, then in the MDSAP, you have to include the specific regulatory requirements. While the FDA normal inspection is not at cost and not an annual affair always, here in the MDSAP you are sucked into. So is the case with the other regions recognizing the MDSAP.
    Would the FDA make the MDSAP mandatory ... ? I have my own doubts
    Would the ANVISA / TGA others make the MDSAP mandatory ... ? I have my own doubts
    I am still wondering what the new revision ISO 13485 will do good to the medical device industry in the MDSAP scenario.
     
  6. MarkMeer

    MarkMeer Well-Known Member

    Joined:
    Dec 3, 2015
    Messages:
    138
    Likes Received:
    62
    Trophy Points:
    27
    Urg. At this point I'm not sure if I'm being overly cynical or just realistic in thinking that the "little guys" are always the ones bearing the burden of new/revised/augmented regulations. :(

    I'm still not clear on how MDSAP is of value, if national regulatory agencies (e.g. FDA) still plan to maintain a parallel quality-system enforcement system.

    From what you are saying, is the following situation likely?
    - MDSAP audit has some observations, and post these to the member countries
    - The US FDA (and possibly other countries) uses this data to determine 'for cause' inspections
    - The manufacture (who is in the process of addressing the MDSAP observations) is suddenly hit with a bunch of 'for cause' inspections from member country regulatory agencies.
    - All the 'for cause' inspectors come in and essentially repeat much of the same inspections done by the original MDSAP

    If this is a possible outcome, how does this benefit anyone?
     
  7. Ronen E

    Ronen E Well-Known Member

    Joined:
    Jul 31, 2015
    Messages:
    133
    Likes Received:
    70
    Trophy Points:
    27
    Mark, for your sanity you better remember that in spite of all good intentions, there are some politics involved. It's not "all evil", just a fact of life. Almost everyone is in favour of harmonisation, but countries don't easily give up jurisdiction. There is always some suspicion and confidence needs to build up gradually.

    It's also a fact of life that smaller entities are often hit harder than big ones; it doesn't mean that someone set out to intentionally make it harder for them.

    Anything like MDSAP has to take years to come about, and the ride can't be joyous. I don't think that it's realistic to expect anything like that to be neat rom the outset, with a crystal-clear timeline and full, immediate buy-in by all parties. There will always be constraints and inconveniences. I think that the mere fact that this is actually happening and that there is some initial buy-in is remarkable. 10 years ago it was almost unimaginable that FDA would ever consider harmonising to something based on ISO 13485.

    Even if FDA maintains its "for cause" inspection rights, MDSAP can still be of value for most manufacturers - it eliminates routine inspections. Companies that do right don't easily / normally end up getting "for cause" inspections.

    The scenario you described is possible but I don't think it will be common. Not every NC in a QS audit (e.g. ISO 13485) would trigger an FDA "for cause" investigation. You have to do something really wrong to get that. Other regulators operate quite differently from the FDA, so I have serious doubts that each and every one of them will jump and come over for a visit even if there are some substantial findings in a MDSAP audit. Particularly in the EU, it sometimes takes a lot of wrong and a lot of time for the authorities to do something. I'm guessing that more likely they'll just let the MDSAP mechanism mince the NCs up to closure, and observe. Please don't forget that all regulators and NBs are stressed for resources.

    I guess we just need some faith / optimism to get us through the next ~5 years...

    Cheers,
    Ronen.
     
    Somashekar and Monica like this.
  8. Jim Hagenbaugh

    Jim Hagenbaugh Member

    Joined:
    Aug 4, 2015
    Messages:
    26
    Likes Received:
    24
    Trophy Points:
    2
    Location:
    VA
    Pads38 likes this.
  9. Pads38

    Pads38 Member

    Joined:
    Aug 6, 2015
    Messages:
    28
    Likes Received:
    22
    Trophy Points:
    2
    Location:
    UK
    Thanks Jim - useful link.

    A couple of points that stood out from that:

     
  10. Ye Li

    Ye Li New Member

    Joined:
    Aug 1, 2017
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Markham, ON, Canada
    I have a query below:

    The headquarter have several factory sites to manufacture the products, the main site could satisfy all the request by MDSAP, which could comply with all kind of regulation requirement, such like the regulation from MHLW, FDA, Health Canada, TGA and ANVISN, but another site could not comply with these regulation requirements, also they do not export the product to Brazil.

    so my questions is that the MDSAP audit requires all the 5 countries regulation that need to be full compliance with? How about if your product does not export to Brazil? In this case, do you need to comply with ANVISA which is Brazil’s regulation? or just put the note on the report for "Not Applicable".

    Overall, the question is that do we need to compliance all the 5 countries regulation for all the manufacturer site if we want to comply with MDSAP?

    Thanks for your reply in advance,
     
  11. Ye Li

    Ye Li New Member

    Joined:
    Aug 1, 2017
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Markham, ON, Canada
    I think I found the answer below:

    https://www.linkedin.com/redir/redi...t/UCM430563.pdf&urlhash=xCEd&_t=tracking_anet

    95.Can the manufacturer exclude a jurisdiction from the scope of an MDSAP audit?

    A manufacturer may exclude the requirements of a jurisdiction where the organization does not intend to supply medical devices. In other words, audit criteria under the MDSAP include at a minimum ISO 13485 and the medical device regulations that are applicable in any of the participating regulatory authority’s jurisdiction where the organization supplies medical devices.
     
  12. Lindy

    Lindy Member

    Joined:
    Jan 10, 2018
    Messages:
    14
    Likes Received:
    2
    Trophy Points:
    2
    Hi Mark,
    From what I understand, ISO 13485/CMDCAS will not be accepted starting in 2019.
    The long-term intention of the MDSAP is to lower costs and audit occurrences from various countries, but since it's new and not everybody is on board, it will be a bit expensive and time consuming for all the companies that have to go through it.

    The FDA will still conduct their own inspections, especially if there is a large issue that leads to a recall, but being MDSAP certified will look favorable towards your company. Right now it doesn't replace the need for an inspection, but down the road, if the MDSAP audits prove to be effective, the FDA may start using them as justification to not perform an inspection at your company.

    You will still need to maintain your EU certification. Since the EU requirements went through a lot of changes recently, they didn't want to throw the new MDSAP requirements in the mix. As with the FDA's mindset, if the MDSAP audits prove to be effective, then the EU and other countries around the world may jump on the MDSAP bandwagon. It's just a wait and see type of thing right now.

    I'm not sure how MDSAP will go about adding new countries to the certification, and if it would require new MDSAP audits if you are selling to a country that is added on to the MDSAP, but I guess we'll find out.

    We're having our MDSAP audit in May and June. I'm a bit worried about it since I don't quite know what to expect, but hopefully it goes smoothly!